Ed Doolittle wrote:
> On Sun, 17 Jan 1999, Joel A. Matz wrote:
>
>> I have a situation where I need to access 2 dialup ppp servers. One is
>> my default ISP for general internet traffic, while the other is work
>> related and should only go up based on a certain class b address group.
>
> Simplicity is a virtue. You should stick to just one provider if
> possible. If cost is an issue you can do IP accounting to compare the
> number of packets going to different destinations and split the cost
> accordingly. If security is an issue you can arrange IP tunneling through
> the ISP to a machine at work.
Um, don't tell intel this. One of Randal Schwartz' three felony counts
was arrainging IP tunneling through intel's firewall. This is *very*
touchy legal ground. My employer recently went VPN, but you should not
set something up yourself if they don't have something. You maybe can
talk them into doing it, but do *NOT* set up your own personal tunnel,
so long as you'd rather work than spend time in prison.
Randal may not have been sentenced to jail (well, he was, but it was
suspended, with parol possible before serving a day. He didn't have to
actually go to jail.), but that doesn't say someone else pulling one of
the stunts he tried won't spend some time getting close to 'Bubba'.
Note: I'm not saying intel was right to charge him for his three felony
counts. I can't remember it now, but when I listened to his
presentation about it, I only came up with one crime that he commited,
and it wasn't anything they went after him for doing. *BUT*, I am
mentioning that you're suggesting risky business here.
Not that I haven't suggested it myself, but I've always tried to do so
in a way so as to make it clear that the employer wouldn't be happy upon
discovery.
I could also mention that a VPN tunnel is not what I'd call simplicity.
> 1) Keep all the DNS information for work on your local machine.
> /etc/hosts is a quick, error-prone way of doing it. Better would be to
> run named on your local machine and arrange periodic transfers of
> information from the nameserver at work. In either case you will need to
This is better if
1> You're good enough at reading, and you read all the right
documentation so that you can make/keep your named stable.
2> You can *get* transfers from the nameserver at work.
I couldn't do the named method, because I can't get transfers from the
nameserver at work. There were semi-valid security reasons given for
this.
> run
>
> echo 5 > /proc/sys/net/ipv4/ip_dynaddr
>
> if your IP address is dynamically assigned by your ISP or the ppp server
> at work.
This would be less ambiguous if you added the word 'either'.
How about method 3, which will only work if your work is set up
hierarchically:
Set up your named to 'serve' the company's primary domain, and it
specifies NS records for all of the subdomains you're likely to use.
It'll also need to have all the top-level hosts, such as www.foo.com.
As I'm thinking about it, this would almost work in my case. However,
there are some subdomains I may have to use that I don't know about.
Ed
-
To unsubscribe from this list: send the line "unsubscribe linux-diald" in
the body of a message to [EMAIL PROTECTED]
